1. Field of the Invention
The present invention relates to a system and method for monitoring a user's actions on a computing device. In particular, but not exclusively, the invention relates to a system and method for remotely monitoring a user's actions performed on a web browser program.
2. Description of Related Art
In many instances it is desirable to be able to monitor actions of a user on a computer device or computer network. This is particularly the case where the internet is being accessed, because in such circumstances there is a possibility that the computer network is being used to access inappropriate websites or material. A number of monitoring systems are known which allow restriction of internet access. The simplest form of system relies on a predetermined list of keywords or forbidden websites. If a user attempts to access any site on the list, they are forbidden from doing so, and the attempt may be logged. However, this suffers from limitations arising from the use of a predetermined list of sites, in that such sites may change their URL frequently. Further, it may still be possible for a user to access inappropriate sites that do not use the restricted keywords.
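The list-based approach and the two limitations just described can be seen in a short sketch. This is an added illustration, not part of the original specification; the function names, hosts and keywords are constructed for the example.

```python
from urllib.parse import urlsplit

# Constructed sample policy; hosts and keywords are illustrative only.
BLOCKED_HOSTS = {"blocked.example"}
BLOCKED_KEYWORDS = {"casino"}


def check_url(url, log):
    """Return 'deny' or 'allow' for url, appending denied attempts to log."""
    parts = urlsplit(url.strip().lower())
    host = (parts.hostname or "").rstrip(".")
    # Match the listed host itself and any subdomain of it.
    labels = host.split(".")
    suffixes = {".".join(labels[i:]) for i in range(len(labels))}
    if suffixes & BLOCKED_HOSTS:
        log.append((url, "host"))
        return "deny"
    # Keyword match over host, path and query string.
    text = host + parts.path + "?" + parts.query
    if any(word in text for word in BLOCKED_KEYWORDS):
        log.append((url, "keyword"))
        return "deny"
    return "allow"


def run_samples():
    """Evaluate constructed requests and return (decisions, log)."""
    samples = [
        "http://blocked.example/index.html",         # listed host
        "http://www.blocked.example./a",             # subdomain, trailing dot
        "http://news.example/casino-review",         # listed keyword in path
        "http://blocked-mirror.example/index.html",  # same site under a new URL
        "http://games.example/play",                 # content without a listed keyword
    ]
    log = []
    decisions = [check_url(u, log) for u in samples]
    return decisions, log


if __name__ == "__main__":
    decisions, log = run_samples()
    print(decisions)
    print(log)
```

The last two constructed requests are allowed and leave no log entry, which is the gap a predetermined list cannot close without being continually updated.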
Alternative systems may make use of ‘cookies’ stored on a user's computer. Cookies are short character strings encoding certain information regarding the user's browsing habits, sites visited, and so on. The difficulties with cookies are that they rely on the user allowing them to be stored on their computer. Also, their information storage capacity is relatively low, typically being restricted to user identifiers and time of last site visit. Hence, in practice, it is difficult to use cookies to monitor a user's website access other than on a broad level such as time of visits to particular sites.
More sophisticated systems may rely on intercepting actual data flows to and from the user's computer. However, a typical such system executes as a separate program from the web browser, which makes it possible for the user to relatively easily detect the execution of the program and identify that they are being monitored. Further, typical systems monitor either activity on the user (client) device or on the server device. However, in practice, it may be beneficial to be able to monitor activity on both devices if desired. Conventional systems are also relatively large program files, which may lead to an appreciable drop in performance of the user's computer, as well as making the files more visible to a user. A further disadvantage of conventional systems is that they are unable to identify the user who is being monitored. Although sophisticated systems may identify the network username or the computer terminal identity, and so make some association between users and access to inappropriate websites, they rely on users adopting rigorous security procedures and not allowing others to use their username and password, logging off terminals when leaving them unattended, and so on. Further, such systems are not proof against malicious user impersonation. It would be beneficial to be able to confirm the identity of a monitored user.
As well as the conventional systems described above, various other monitoring systems have been proposed. For example, GB 2350211 describes a system that monitors users at the operating system level. However, it is designed to operate only on a client computer, and does not allow remote monitoring or logging of activity. WO 01/26291 A2 is concerned with the remote “health” evaluation, maintenance and support of systems in general (be they computers or other devices). It is not intended to monitor user activity via a web browser or on other systems. Furthermore, the technology appears to be applicable to only one site. WO 00/08570 describes a system that is hardwired to a given site (it appears either to act on a site that operates as a proxy server or to access documents local to one site only). This system also accesses the http stream (the normal communication between a browser and a web site) in order to obtain the information for monitoring purposes.
EP 0 953 920 A2 describes yet another system, which includes a tailor-made client. An agent, which appears to be a proxy server, is integrated into a viewer provided by the vendor. The overall process indicates that the technology accesses the http stream in order to acquire the information needed for monitoring. The system interacts with the user and the agent questions the user to extract information. As a still further example, U.S. Pat. No. 5,835,722A describes an application specific to blocking access to Internet sites, documents, emails etc. based on dynamic libraries/dictionaries. It has no means of extracting user information from browser activities nor does it possess an inference mechanism of particular sophistication. Further, in collecting information over Internet connections, this system interferes with the http connection. This approach can lead to several undesirable effects such as corruption of the data stream or performance bottlenecks.